Class ThreadLimitHandler

  • All Implemented Interfaces:
    Handler, HandlerContainer, Container, Destroyable, Dumpable, Dumpable.DumpableContainer, LifeCycle

    public class ThreadLimitHandler
    extends HandlerWrapper

    Handler to limit the threads per IP address for DOS protection

    The ThreadLimitHandler applies a limit to the number of Threads that can be used simultaneously per remote IP address.

    The handler makes a determination of the remote IP separately to any that may be made by the ForwardedRequestCustomizer or similar:

    • This handler will use either only a single style of forwarded header. This is on the assumption that a trusted local proxy will produce only a single forwarded header and that any additional headers are likely from untrusted client side proxies.
    • If multiple instances of a forwarded header are provided, this handler will use the right-most instance, which will have been set from the trusted local proxy
    Requests in excess of the limit will be asynchronously suspended until a thread is available.

    This is a simpler alternative to DosFilter

    • Constructor Detail

      • ThreadLimitHandler

        public ThreadLimitHandler()
      • ThreadLimitHandler

        public ThreadLimitHandler​(@Name("forwardedHeader")
                                  java.lang.String forwardedHeader)
      • ThreadLimitHandler

        public ThreadLimitHandler​(@Name("forwardedHeader")
                                  java.lang.String forwardedHeader,
                                  boolean rfc7239)
    • Method Detail

      • doStart

        protected void doStart()
                        throws java.lang.Exception
        Description copied from class: ContainerLifeCycle
        Starts the managed lifecycle beans in the order they were added.
        doStart in class AbstractHandler
      • isEnabled

        @ManagedAttribute("true if this handler is enabled")
        public boolean isEnabled()
      • setEnabled

        public void setEnabled​(boolean enabled)
      • getThreadLimit

        @ManagedAttribute("The maximum threads that can be dispatched per remote IP")
        public int getThreadLimit()
      • setThreadLimit

        public void setThreadLimit​(int threadLimit)
      • include

        @ManagedOperation("Include IP in thread limits")
        public void include​(java.lang.String inetAddressPattern)
      • exclude

        @ManagedOperation("Exclude IP from thread limits")
        public void exclude​(java.lang.String inetAddressPattern)
      • handle

        public void handle​(java.lang.String target,
                           Request baseRequest,
                           javax.servlet.http.HttpServletRequest request,
                           javax.servlet.http.HttpServletResponse response)
        Description copied from interface: Handler
        Handle a request.
        Specified by:
        handle in interface Handler
        handle in class HandlerWrapper
        target - The target of the request - either a URI or a name.
        baseRequest - The original unwrapped request object.
        request - The request either as the Request object or a wrapper of that request. The HttpConnection.getCurrentConnection().getHttpChannel().getRequest() method can be used access the Request object if required.
        response - The response as the Response object or a wrapper of that request. The HttpConnection.getCurrentConnection().getHttpChannel().getResponse() method can be used access the Response object if required.
        Throws: - if unable to handle the request or response processing
        javax.servlet.ServletException - if unable to handle the request or response due to underlying servlet issue
      • getThreadLimit

        protected int getThreadLimit​(java.lang.String ip)
      • getRemote

        protected org.eclipse.jetty.server.handler.ThreadLimitHandler.Remote getRemote​(Request baseRequest)
      • getRemoteIP

        protected java.lang.String getRemoteIP​(Request baseRequest)